使用 WCF 服务或在 SoapUi 中更改规范化算法
Change canonicalization algorithm with WCF service or in SoapUi
我正在尝试使用 WS-Security(Https 和消息签名)开发 WCF 服务,基本上 - 它正在工作,我可以使用我的 .NET 客户端应用程序使用它,但我需要能够测试此 Web 服务与 SoapUi。我可以生成与我的 .NET 客户端应用程序几乎相同的请求,但只有一个区别 - SoapUi 使用规范化 xml-exc-c14n# like:
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="wsse s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
我的 .NET 客户端喜欢:
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
我试过来自
要改变这一点,
但没有成功。我无法使用派生自 SecurityAlgorithmSuite 的 class 设置 defaultAlgorithmSuite 变量,因为 WCF 抛出 ArgumentOutOfRangeException 但仅在运行时抛出。
下面是我的配置:
EndpointAddress address = new EndpointAddress(new Uri("dest_wcf_address"), EndpointIdentity.CreateDnsIdentity("cert"));
CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
asec.SetKeyDerivation(false);
asec.AllowInsecureTransport = true;
asec.IncludeTimestamp = true;
TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
transport.RequireClientCertificate = false;
binding.Elements.Add(asec);
binding.Elements.Add(textMessageEncoding);
binding.Elements.Add(transport);
config.Description.Behaviors.Add(new ServiceMetadataBehavior { HttpGetEnabled = true, HttpsGetEnabled = true });
config.Description.Behaviors.Add(new ServiceDebugBehavior { IncludeExceptionDetailInFaults = true });
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
config.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "cert_cn");
config.Credentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
"clienct_cert_cn");
config.Credentials.ClientCertificate.Authentication.
CertificateValidationMode =
X509CertificateValidationMode.Custom;
config.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new CustomX509CertificateValidator();
config.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
ServiceEndpoint endpoint = config.AddServiceEndpoint(typeof(IService1), binding, "service_address");
endpoint.Address = address;
那么如何更改规范化算法
我还没有找到更改规范化算法的方法,但问题有所不同 - SoapUI 在使用 EXC-C14N 计算签名哈希时不会 trim 空格。 xml 中的漂亮打印破坏了安全性。作为解决方案,我们可以在请求级别的 SoapUI 中设置 Strip Whitespaces 属性,或者手动将它们从 body 元素中删除。
我正在尝试使用 WS-Security(Https 和消息签名)开发 WCF 服务,基本上 - 它正在工作,我可以使用我的 .NET 客户端应用程序使用它,但我需要能够测试此 Web 服务与 SoapUi。我可以生成与我的 .NET 客户端应用程序几乎相同的请求,但只有一个区别 - SoapUi 使用规范化 xml-exc-c14n# like:
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="wsse s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
我的 .NET 客户端喜欢:
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
我试过来自
EndpointAddress address = new EndpointAddress(new Uri("dest_wcf_address"), EndpointIdentity.CreateDnsIdentity("cert"));
CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
asec.SetKeyDerivation(false);
asec.AllowInsecureTransport = true;
asec.IncludeTimestamp = true;
TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
transport.RequireClientCertificate = false;
binding.Elements.Add(asec);
binding.Elements.Add(textMessageEncoding);
binding.Elements.Add(transport);
config.Description.Behaviors.Add(new ServiceMetadataBehavior { HttpGetEnabled = true, HttpsGetEnabled = true });
config.Description.Behaviors.Add(new ServiceDebugBehavior { IncludeExceptionDetailInFaults = true });
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
config.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "cert_cn");
config.Credentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
"clienct_cert_cn");
config.Credentials.ClientCertificate.Authentication.
CertificateValidationMode =
X509CertificateValidationMode.Custom;
config.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new CustomX509CertificateValidator();
config.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
ServiceEndpoint endpoint = config.AddServiceEndpoint(typeof(IService1), binding, "service_address");
endpoint.Address = address;
那么如何更改规范化算法
我还没有找到更改规范化算法的方法,但问题有所不同 - SoapUI 在使用 EXC-C14N 计算签名哈希时不会 trim 空格。 xml 中的漂亮打印破坏了安全性。作为解决方案,我们可以在请求级别的 SoapUI 中设置 Strip Whitespaces 属性,或者手动将它们从 body 元素中删除。